tqchen commented on code in PR #17377: URL: https://github.com/apache/tvm/pull/17377#discussion_r1761244701
########## docs/reference/security.rst: ########## @@ -34,10 +34,15 @@ The private security mailing address is: `[email protected] <[email protected] Feel free to consult the `Apache Security guide <https://www.apache.org/security/>`_. -Considerations +Security Model -------------- The default binary generated by TVM only relies on a minimum runtime API. The runtime depends on a limited set of system calls(e.g. malloc) in the system library. + +TVM RPC server assumes that the user is trusted and needs to be used in a trusted network environment +and encrypted channels. It allows writings of arbitrary files into the server for benchmarking purposes. Review Comment: great suggestion, just updated to include explicit discussion about RCE -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
